CLAIMS 

I claim: 

1 . On a plurality of IP networks, each of said plurality of networks being remote from every 
other network, each said network being connected to the internet by a VPN-router, a 
method of sending an IP packet from a host on one of said plurality of networks to a host 
on another of said plurality of networks, comprising the steps of: 

a. assigning a netID to each network of said plurality of networks; 

b. assigning an ff address to each host on each said network, said IP address for 
each said host having the same netID as the network to which said host is 
attached, each said host having a hostID that is unique to said host's network; 

c. for each said network, assigning a virtual IP address to said network representing 
a host on a remote network, said virtual IP address having the same netID as said 
network and a hostID that is unique to said network; 

d. creating in each said VPN-router connected to each said network, one or more 
tables cross referencing each virtual IP address on said network to the netID of 
the remote network of the host which said virtual IP address represents, and cross 
referencing each host attached to said network to each virtual remote IP address 
representing said host on each remote network; 

e. sending an IP packet from a host on one of said plurahty of networks to a host on 
another of said plurahty of networks, said IP packet. 

2. A method of sending an IP packet as clauned in claim 1 wherein one of said networks is 
a home network and the remaining networks in said plurality of networks are remote 
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networks, said IP addresses and said virtual IP addresses assigned to said home network 
being taken from a range of reserved private IP addresses, said range being one of three 
blocks of IP addresses, a first block comprising contiguous IP addresses from 10.0.0.0 
and extending through 10.255.255.255, a second block comprising contiguous IP 
addresses from 172.16.0.0 and extending through 172.16.255.255, and a third block 
comprising contiguous the IP addresses from 192.168.0.0 and extending through 
192.168.255.255. 

A method of sending an IP packet as claimed in claim 2 wherein IP addresses and virtual 
IP addresses assigned to said remote networks are taken from the same said range of 
reserved private IP addresses as said DP addresses and virtual IP addresses assigned to 
said home network. 

A method of sending an IP packet as claimed in claim 1 wherein said IP packet is sent 
from a first host attached to a first network in said plurality of networks, said first host 
having an IP address on said first network, to a second host attached to a second network 
in said plurahty of networks, said second host having an IP address on said second 
network, said first and second networks being attached to the internet and being remote 
from each other, comprising the fiirther steps of: 

a. said first host sending an IP packet to a first VPN-router connecting said first 

network to the internet, said IP packet having a header that includes a destination 
IP address and a source IP address, said destination IP address being a virtual IP 
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address assigned to said first network representing said second host, and said 
source DP address being said IP address of said first host on said first network; 

b. said first VPN-router receiving said IP packet, determining the virtual remote IP 
address representing said first host upon said second network, replacing said 
source ff address with said virtual remote IP address representing said first host 
upon said second network, encapsulating said IP packet as a payload within an 
encapsulating IP packet, providing said encapsulating IP packet with a destination 
IP address of a second remote VPN-router connecting said second network to the 
internet, and sending said encapsulating IP packet to the intemet for routing and 
delivery to said second VPN-router; 

c. said second VPN-router receiving said encapsulating ff packet, decapsulating 
said encapsulating JP packet to recover said IP packet, determining the IP address 
of said second host on said second network, replacing said destination IP address 
of said IP packet with said JP address of said second host on said second network, 
and sending said IP packet to said second network for delivery to said second 
host. 



A method of sending an IP packet as claimed in claim 4, further comprising the steps of: 

a. said first host encrypting the payload of said IP packet prior to sending said JP 
packet to said first VPN-router; and 

b. said second host decrypting said payload of said IP packet upon receiving said IP 
packet fi-om said second VPN-router. 



1 6. A method of sending an ff packet from a first host attached to a first network to a second 

2 host attached to a second network, and sending a second IP packet from said second host 

3 to said first host, said first and second networks being attached to the internet, comprising 

4 the steps of: 

5 a. assigning a first IP address to said first host attached to said first network, said 

6 first IP address comprising a netID and a hostID that is imique to said first 

7 network; 

8 b. assigning a second and third IP address to a first VPN-router connecting said first 

9 if network to the intemet, said second IP address being assigned to said VPN- 

1 0 \j router's interface to said first network and having the netID of said first network 

1 1 m aiid a hostID that is unique to said first network, said third IP address being 

12 \0 assigned to said first VPN-router's interface with the internet and being a globally 

13 y unique IP address; 

14 ^ c. assigning a fourth IP address as a virtual IP address to represent, on said first 

1 5 |I network, said second host, said second host being attached to said second network 

1 6 that is attached to the internet and that is remote from said first network, said 
1^7 fourth IP address having the netID of said first network and a hostID that is 

1 8 unique to said first network; 

1 9 d. assigning a fifth IP address to said second host attached to said second network, 

20 said fifth IP address having the netID of said second network and a hostID that is 

2 1 unique to said second network; 

22 e. assigning a sixth and seventh IP address to a second VPN-router connecting said 

23 second network to the intemet, said sixth IP address being assigned to said VPN- 
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1 router's interface to said second network and having the netID of said second 

2 network and a hostID that is unique to said second network, said seventh IP 

3 address being assigned to said second VPN-router's interface with the internet and 

4 being a globally unique IP address; 

5 f. assigning an eighth IP address as a virtual IP address to represent, on said second 

6 network, said first host, said eighth DP address having the netID of said second 

7 network and a hostID that is unique to said second network; 

8 g. creating a table in said first VPN-router whereby said fourth IP address is cross 

9 1- referenced to said seventh IP address, and said first IP address is cross referenced 

10 ^ to said eighth IP address; 

1 1 01 h. creating a table in said second VPN-router whereby said eighth IP address is cross 

12 referenced to said third ff address, and said fourth IP address is cross referenced 

13 Sf to said fifth IP address; 

14 r i. sending said first IP packet from said first host, said first IP packet having as its 

15 destination IP address said fourth IP address and having as its source address said 

16 first IP address; 

17 j. receiving said fu-st IP packet at said first network interface of said first VPN- 

1 8 router, replacing said source IP address in said first IP packet with said eighth IP 

19 address, encapsulating said first IP packet as a payload within a first 

20 encapsulating IP packet having as its destination IP address said seventh IP 

21 address, and sending said first encapsulating IP packet to the internet for routing 

22 to said second VPN-router; 
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k. receiving said first encapsulating IP packet at said second VPN-router, 

decapsulating said payload to obtain said first IP packet, examining said first IP 
packet to determine said first IP packet's destination, replacing said first IP 
packet's destination JP address with said fifth IP address, and placing said first DP 
packet on said second network for delivery to said second host; 

1. receiving said first IP packet at said second host, and sending a second IP packet 
fi'om said second host to said first host. 

The method of sending a first IP packet firom a first host to a second host and sending a 
second IP packet from said second host to said first host as claimed in claim 6, 
comprising the fiirther steps of 

1. sending said second IP packet from said second host, said second ff packet 

having as its destination IP address said eighth IP address and having as its source 
address said fifth JP address; 

m. receiving said second IP packet at said second VPN-router's interface to said 
second network, replacing said source address with said fourth IP address, 
encapsulating said second IP packet as a payload within a second encapsulating 
IP packet having as its destination IP address said third IP address, and sending 
said second encapsulating packet to the internet for routing to said first VPN- 
router; and 

n, receiving said second encapsulating IP packet at said first VPN-router, 

decapsulating said payload to obtain said second IP packet, examining said 
second IP packet to determine said second TP packet's destination, replacing said 
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1 second IP packet's destination IP address with said first IP address, and placing 

2 said second IP packet on said second network for delivery to said first host 

3 attached to said first network. 
4 

5 8. A method of sending a plurality of IP packets from one or more hosts attached to a first 

6 network to one or more remote hosts attached to one or more networks remote from said 

7 first network, said first network and each of said one or more remote networks being 

8 connected to the internet by a VPN-router, comprising the steps of: 

9 O a. assigning a netID to said first network: and to each network of said one or more 

10 remote networks; 

1 1 m b, assigning an IP address to each host of said one or more hosts attached to said 

12 ^, [| first network and to each remote host attached to each of said one or more remote 

13 O networks, each said host's IP address havmg the same netID as the network to 

14 H which said host is attached, and each said host's IP address having a hostID that is 

15 unique to said host's network; 

1 6 c. assigning one or more virtual IP addresses to said first network, each said virtual 
1 ^ IP address representing one of said one or more remote hosts on said one or more 
1 ^ remote networks, each said virtual IP address having the same netID as said first 

1 9 network and a hostID that is unique to said first network; 

20 d. assigning one or more virtual IP addresses to each of said one or more remote 

2 1 networks, each of said one or more virtual IP addresses representing a host on 

22 said first network 
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creating in said VPN-router connected to said first network, one or more tables 
cross referencing each virtual IP address on said first network to the netID of the 
remote network of the host which said virtual IP address represents, and cross 
referencing each host attached to said first network to each virtual IP address 
representing each said host on each of said one or more remote networks; 
creating in each VPN-router connecting one of said one or more remote networks 
to the intemet one or more tables cross referencing each virtual LP address on said 
remote network to said first network, and cross referencing the IP address of each 
remote host on said remote network to the virtual IP address representing said 
remote host on said first network; 

sending a plurality of IP packets fi-om one or more said hosts on said first network 
to one or more said remote hosts on one or more said remote networks, the 
destination IP address of each IP packet in said plurality of IP packets being the 
said virtual IP address on said first network of the said remote host to which the 
said IP packet is sent, and the source IP address of each said IP packet in said 
plurality of IP packets being the said local IP address of the said host on said first 
network from which the said IP packet is sent; 

receiving said plurality of IP packets at said first VPN router and, for each said 
packet, determining the said source IP address of the said host on said first 
network sending said IP packet and replacing said source IP address with the said 
virtual IP address representing said sending host on the said remote network to 
which said IP packet is being sent, determining the remote network of the remote 
host to which said IP packet is addressed, encapsulating said IP packet as a 
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payload within an encapsulating IP packet, addressing said encapsulating JP 
packet for delivery to the said remote VPN-router attached to said remote 
network, and placing said encapsulating P packet on the internet, such that a 
plurality of encapsulating IP packets are routed Jfrom said first VPN-router to said 
one or more remote VPN-routers; 

for each of said one or more remote VPN-routers attached to one of said one or 
more remote networks, receiving one or more of said plurality of encapsulating IP 
packets at said remote VPN-router and, for each of said one or more 
encapsulating IP packets, decapsulating said encapsulating IP packet to obtain 
said JP packet, examining said IP packet to determine the said virtual destination 
IP address, replacing said virtual destination IP address with the IP address of the 
remote host to which said IP packet is directed on said remote network, and 
sending said IP packet to said remote network for deUvery to said remote host. 

The method of sending a plurality of IP packets from one or more local hosts 
attached to a first network to one or more remote hosts attached to one or more 
remote networks as claimed in claim 8, comprising the further steps of encrypting 
said one or more IP packets at said fu-st VPN-router prior to encapsulation and 
transmission to said one or more remote VPN-routers; and decrypting said one or 
more IP packets at said one or more remote VPN-routers after decapsulation and 
before transmission to said one or more remote networks. 



